» homic.exe
Overview
Analysis
File Details
Network (1)

homic.exe

avdorsis

The executable homic.exe has been detected as malware by 26 anti-virus scanners. While running, it connects to the Internet address dev.ucoz.net on port 80 using the HTTP protocol.

File name:

homic.exe

Product:

avdorsis

Version:

1.0.0.0

MD5:

b939c94807145a7eac8940398a35ea9f

SHA-1:

8f7356ae1ab6b99f1078df9941b142f836d2c92b

SHA-256:

b87d528f786df2516ff59ec84720c5aa0cbb39223fd90af2041681efe098e480

Scanner detections:

26 / 68

Status:

Malware

Analysis date:

11/1/2024 3:41:22 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.3458364

161

AegisLab AV Signature

Troj.Ransom.W32.Blocker!c

2.1.4+

AhnLab V3 Security

Trojan/Win32.Blocker.N2071455009

3.7.5.15

Avira AntiVirus

TR/Blocker.nefa

8.3.3.4

Arcabit

Trojan.Generic.D34C53C

1.0.0.742

avast!

Win32:Malware-gen

2014.9-160826

AVG

MSIL10

2017.0.2639

Bitdefender

Trojan.GenericKD.3458364

1.0.20.1195

Emsisoft Anti-Malware

Trojan.GenericKD.3458364

8.16.08.26.08

ESET NOD32

MSIL/Agent.ALH (variant)

10.13991

Fortinet FortiGate

W32/Blocker.JKQN!tr

8/26/2016

F-Secure

Trojan.GenericKD.3458364

11.2016-26-08_6

G Data

Trojan.GenericKD.3458364

16.8.25

IKARUS anti.virus

Trojan.MSIL.Agent

t3scan.2.1.6.0

K7 AntiVirus

Riskware

13.237.20625

Kaspersky

Trojan-Ransom.Win32.Blocker

14.0.0.-309

McAfee

RDN/Ransom

5600.6295

Microsoft Security Essentials

Trojan:Win32/Dynamer!ac

1.1.13000.0

MicroWorld eScan

Trojan.GenericKD.3458364

17.0.0.717

Panda Antivirus

Trj/GdSda.A

16.08.26.08

Rising Antivirus

Ransom.Blocker!8.12A-8IXQMkKFQND (Cloud)

23.00.65.16824

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R00JC0DHC16

7.2.239

Trend Micro

TROJ_GEN.R00JC0DHC16

10.465.26

VIPRE Antivirus

Trojan.Win32.Generic

51704

ViRobot

Trojan.Win32.Z.Blocker.94720[h]

2014.3.20.0

File size:

92.5 KB (94,720 bytes)

Product version:

1.0.0.0

avdorsis

Original file name:

avdorsis.exe

File type:

Executable application (Win64 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\webfox\set.{ed7ba470-8e54-465e-825c-99712043e01c}\homic.exe

File PE Metadata

Compilation timestamp:

8/4/2016 2:39:01 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

80.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:rqgUvBEo8/jU/T5S73tEFeGdvZA+M0ttttttttttttttttttttttttttKltNWahh:GgUvBEo8/jU/T5S73tEFeGdvOF3lnWaP

Entry address:

0x10BFE

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.2999

Code size:

59.5 KB (60,928 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to dev.ucoz.net (195.216.243.123:80)

Remove homic.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.